I'm running a Django project on CentOS 5.4 and serving it with httpd/mod_wsgi. I can't figure out the correct permissions for /home/website/django_project so that I don't get a 403 error.

In my httpd.conf the user and group to run httpd as is apache. The group django is set up with website and apache as members. The owner of /home/website and all subdirs is website:django, and the permissions are rwxrwx---. Right now the project works fine with the dev server, but if I try to view it through apache, I get a 403 error. chmod -R o+rx /home/website/django_project fixes the problem, but this obviously isn't a good solution.

Thanks

A: 

First, try setting the group-sticky bit on the directories:

find /home/website -type d -exec chmod g+s {} \;

Then the perms should read rwxrws---. See if this makes a difference.

If that fails, you can try to poke around as the "website" user and see what happens. Temporarily give the user "website" a home directory (not /home/website, it needs to be something else, like /var/home/website), password, and login shell, then use su - website to switch to it. Try listing the contents of /home/website and try reading files in there. Fix any problems.

Hope this helps.

P.S. I'm assuming /var/log/apache/access_log (or maybe it's /var/log/http/access_log) doesn't have anything useful.

Mike DeSimone
The sticky bit did it. Thanks.
Kevin
IIRC, without the sticky bit, apache tries to access the directory as group "apache", which is the (default) group that executed the server. The sticky bit tells the OS to use the directory's group in that directory instead.
Mike DeSimone
The sticky bit should only apply when writing files to the directory, not when reading files from the directory.
Graham Dumpleton
Makes me wonder if mod_wsgi is trying to write to the directory. ... But are you sure, since you have to have execute permission on a directory to read its contents?
Mike DeSimone
I'm not sure exactly what's going on. Before I did g+s, the permissions had to be rwxrwxr-x to prevent a 403 error. After g+s, rwxrwx--- works ok. The owner of everything is website:django, where django:x:505:apache,website. I had previously tried setting the owner to website:apache with no luck.
Kevin
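
A mode-bit walk for the kind of 403 discussed in this thread, added here as an example (not code from the question, the answers, or mod_wsgi): it reports the first path component whose owner/group/other bits block a given uid and set of group ids. The helper names, the temporary directory layout and the stand-in uid/gid values are assumptions; ACLs and SELinux are not modelled.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner, else group, else other (first match wins)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denied(target, uid, gids, start="/"):
    """Return (path, mode string) of the first component that blocks uid/gids, or None.

    Ancestors need x (search); the target needs r-x if a directory, r if a file.
    Mode bits only: ACLs, SELinux and root's override are not modelled.
    """
    start, target = os.path.abspath(start), os.path.abspath(target)
    rel = os.path.relpath(target, start)
    chain, cur = [start], start
    for part in ([] if rel == "." else rel.split(os.sep)):
        cur = os.path.join(cur, part)
        chain.append(cur)
    for path in chain:
        st = os.stat(path)
        if path != chain[-1]:
            need = 0o1                                   # search permission only
        else:
            need = 0o5 if stat.S_ISDIR(st.st_mode) else 0o4
        if class_bits(st, uid, gids) & need != need:
            return path, stat.filemode(st.st_mode)
    return None

def build_demo_tree():
    """Constructed layout mirroring the question: <tmp>/home/website/django_project."""
    root = tempfile.mkdtemp()
    project = os.path.join(root, "home", "website", "django_project")
    os.makedirs(project)
    os.chmod(root, 0o755)
    os.chmod(os.path.join(root, "home"), 0o755)
    os.chmod(os.path.join(root, "home", "website"), 0o770)   # rwxrwx---
    os.chmod(project, 0o770)                                  # rwxrwx---
    return root, project

if __name__ == "__main__":
    root, project = build_demo_tree()
    st = os.stat(project)
    web_uid = st.st_uid + 1          # assumed stand-in for the apache uid (not the owner)
    print(first_denied(project, web_uid, {st.st_gid + 1}, start=root))  # group not held
    print(first_denied(project, web_uid, {st.st_gid}, start=root))      # group held
```

On a real host, pass the uid and the group ids the running httpd process actually holds, with `start="/"`, so every directory from the root down to the project is checked.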